snort on ossim

[Kaushal Shriyan <kaushalshriyan () gmail com>]

Hi,

I am testing snort on ossim. I have added a basic rule under
/etc/snort/rules/local.rules and restarted the snort daemon server.

alert icmp any any -> 192.168.1.1 any (sid:1000000; rev:1; msg: "Oh
snap it's a ping";)

> From the client host i did ping 192.168.1.1 but i could not see any
events or alert under snort logs. Also on the OSSIM Admin web
interface i could not see any events

Under /var/log/snort/ I dont see anything

-rw-r----- 1 snort adm 0 2010-03-17 19:38 snort_eth1.1268879936
-rw-r----- 1 snort adm 0 2010-03-18 00:33 snort_eth1.1268897623
-rw-r----- 1 snort adm 0 2010-03-18 00:35 snort_eth1.1268897717
-rw-r----- 1 snort adm 0 2010-03-23 00:46 snort_eth1.1269330408
-rw-r----- 1 snort adm 0 2010-03-23 04:32 snort_eth1.1269343945
-rw-r----- 1 snort adm 0 2010-03-23 04:38 snort_eth1.1269344305
-rw-r----- 1 snort adm 0 2010-03-23 04:42 snort_eth1.1269344567
-rw-r----- 1 snort adm 0 2010-03-24 00:42 snort_eth1.1269416522
-rw-r----- 1 snort adm 0 2010-04-01 08:47 snort_eth1.1270136823

Please suggest/guide.

Thanks and Regards,

Kaushal

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users